The rise of RCS Business Messaging, or RBM for short, is making waves in the messaging ecosystem, with businesses eager to tap into a channel that promises enhanced customer engagement. RCS users are forecast to increase to 2.79 billion this year, boosted by Apple’s announcement that iOS will support RCS. However, as with any new technology, there are questions arising about its implications for security and efficacy. In this blog post, we explore key questions that CPaaS providers, MNOs, and others operating in the messaging ecosystem have about securing RBM, as discussed in a recent webinar featuring experts from Enea, Sinch, and Mobilesquared.

First, the Basics: What is RCS Business Messaging (RBM)?

RCS Business Messaging (RBM) is a messaging channel that enables brands to communicate with consumers through rich media, interactivity, and enhanced engagement capabilities. Features like images, buttons, and carousels allow for a more engaging consumer experience, positioning RBM as a powerful tool in a brand’s marketing strategy.

To leverage this opportunity, mobile operators, aggregators, and CPaaS providers must establish a clean, secure channel and protect the long term viability of RBM. But where to start? Perhaps the answers to these frequently asked questions will help.

Q1. Which Channel is More Secure, SMS or RBM?

SMS is plagued with numerous security vulnerabilities, leaving the channel susceptible to attacks when left unprotected. Comparatively, RBM is generally considered to be more secure. One of the most pervasive security issues on SMS, is that attackers can manipulate sender IDs to spoof numbers and appear as legitimate brands, public bodies etc., for SMS phishing. RBM introduces encryption and sender verification that aims to better protect messages in transit and prevent spoofing from happening. However, RBM is certainly not impenetrable. It’s important to note that while P2P RCS messages are end to end encrypted, RBM messages are currently encrypted in transit. This means that RBM messages are still vulnerable to manipulation at certain points of delivery. On the user’s handset, for example, message content is unprotected, and susceptible to manipulation by malware (read about the janus face of encryption here).

Some of the security features on RBM also bring about new risks, which brings us on to the next question.

Q2. What Security Challenges Does RBM Face?

RBM, while offering enhanced functionality and built in security mechanisms like encryption and sender verification, is not without its security vulnerabilities. In fact, cyber attackers are already exploiting the platform. Malicious actors can use the RCS Business Messaging channel to send spam or phishing messages, potentially compromising user trust before the channel reaches full adoption.

While sender verification processes on RBM are an important security asset, they also introduces new risks. If attackers manage to impersonate legitimate or verified brands, and users see a verified check mark or brand logo, they won’t second guess the legitimacy of the sender. This can make them more vulnerable to phishing, social engineering, and other scam messages. Similarly, the idea of encryption can also lull users into a false sense of security, and they may not be prepared for RBM threats that bypass encryption.

Consumer education will be important to equip users with the ability to differentiate between legitimate messages and fraud, but RBM security cannot rely on education alone. At present, RBM security is fragmented across markets, leading to inconsistencies in security, and weak spots that attackers will almost certainly look to exploit. Robust and consistent messaging security will be imperative in securing users, protecting the integrity of the RBM channel, and the reputations of mobile operators, CPaaS providers, and brands globally. Read more about RBM security challenges in Enea’s RBM Handbook.

Q3. How Does Fraud Affect RCS Business Messaging?

Grey routes and artificial inflation of traffic are two kinds of fraud that we see plenty of on SMS. Naturally, as some traffic migrates over from SMS to RCS, fraudulent behaviors follow. Already, grey routes via P2P RCS channels are emerging, mirroring issues faced by traditional SMS. Grey routes are of particular concern to mobile operators, undermining trust and eating away at revenues. In a recent webinar, Mobilesquared identified grey routes as the most significant threat to RBM monetization in 2025, followed by RCS phishing and the Artificial Inflation of Traffic (AIT).

So, we know that AIT won’t disappear on RBM. There is still potential for fraudsters to exploit the channel. For example, interactive chatbots could be manipulated to artificially trigger conversations, inflating message volumes and hiking up costs.

Going forward, addressing RBM fraud will help to ensure a secure messaging environment, fostering trust between all parties along the delivery chain.

Q4. How Can AI be Used to Build Effective Countermeasures Against Evolving Messaging Scam Tactics?

When it comes to the messaging threat landscape, AI plays an undeniable role in the evolution of scams, enabling scammers to act faster, smarter, and at a greater scale.

To match the pace of attackers, operators and CPaaS providers can employ advanced AI tools to enhance their security and defend against evolving scam techniques. For example, AI can enable some real-time detection of spam and fraudulent messages. Importantly though, we cannot rely on AI alone to secure messaging channels. Continuous iteration and training of AI systems will be required to teach AI to distinguish between legitimate and harmful content. Human oversight is also necessary to validate AI results, and identify novel threats and techniques that AI may not pick up on. By leveraging both technology and  human oversight, operators, CPaaS and other partners can establish protection against old, new and evolving messaging threats, and maintain the integrity of the messaging channel.

Q5. What Role Do Regulations Play in the Future of RBM?

Experts note that regulators typically respond when consumer dissatisfaction rises. Thus, proactive measures should be taken within the industry to establish best practices and maintain a clean RBM channel. For operators, aggregators, and CPaaS providers, maintaining consumer trust will be vital as adoption rises, so working collaboratively to secure trust and meet regulatory expectations without waiting for policies to emerge is in everyone’s best interest.

RCS Business Messaging presents an exciting opportunity for transforming business messaging; however, it comes with its own set of security challenges. By addressing security concerns, brands, CPaaS providers, and MNOs can leverage the benefits of RBM correctly, and foster consumer trust in the channel.

Have you got more questions about securing RCS Business Messaging? They might be answered in our latest webinar: Building Trust in a Rich Media World. Watch the recording below.